The Global Rise of ‘Data Localism’
The global rise of “data localism”—countries forcing companies to store data locally—is affecting the free flow of data at the heart of today’s digital economy. A growing number of countries—including Brazil, China, India, Indonesia, South Korea, and Russia—are proposing or enacting barriers that make it more expensive and time-consuming, if not illegal, for companies to transfer data across borders, thereby forcing firms to store data locally. Unless the United States and others set new digital trade rules to keep data flows open, this trend toward data localism will yield a balkanized Internet, as data increasingly gets trapped behind virtual border walls.
Driven by low-cost cloud computing, data analytics, and mobile technology, the digitization of people’s daily lives and jobs has made the seamless transfer of data a critical part of modern commerce. It’s a simple fact that international trade involving consumers cannot take place without collecting and sending personal data across borders.
This is part of the reason why digital trade and cross-border data flows are expected to continue to grow faster than the overall rate of global trade. What isn’t obvious to consumers who use their smartphones to check social media, review a health record from a doctor, purchase something online, or make a bank transfer, is that the data behind these activities can involve data centers around the world. While largely unseen, barriers to data flows have the potential to affect the cost, ease, and accessibility of these and many other digital services.
Data localism has grown in tandem with the rapid rise in Internet connectivity. Some local data storage rules are explicitly required by law (e.g., all health data must be stored locally, as in Australia). Others are the de facto result of a culmination of other restrictive policies that make it infeasible to transfer data, such as requiring companies to store a copy of data locally before allowing it to be transferred or mandating individual or government consent for data transfers. Companies in Malaysia and elsewhere face this scenario.
These barriers to data flows are a new, but rapidly growing trend. An ITIF report from May 2017 identified 34 countries that have proposed or enacted barriers to major categories of data: accounting, tax, and financial data (18); personal data (13); government and public data (10); data related to emerging digital services (9); telecommunications data (4); and other types (5).
Misguided Justifications for Data Localism
Countries typically justify these barriers to data flows in a few ways, arguing that it’s needed to ensure data privacy and cybersecurity; to help the local digital economy; or to ensure government access to data. Yet each of these motivations is mistaken or misguided.
First, as it relates to privacy and cybersecurity, many policymakers focus on geography to address these issues, as they reflexively and mistakenly believe that data is more private and secure when it’s stored within a country’s borders. However, local data storage requirements do not increase commercial privacy or data security. The reason is simple: a firm that does business in a country is subject to that country’s privacy and cybersecurity laws, regardless of where it stores data. A secure server in Colombia is no different from a secure server in France. Data security depends on the technical, physical, and administrative controls implemented by the service provider, which can be strong or weak, regardless of where the data is stored.
Second, some policymakers believe local data storage offers a quick way to force firms to shift high-tech economic activity into their country, such as for data centers, manifesting a form of “digital protectionism.” This approach is not only wrong in that data centers involve relatively few jobs (a growing number of which are automated), but it is self-defeating, as the resulting increased costs of data processing and other data-related services far outweigh the economic benefits from these few jobs. For example, one study estimated that forced local data storage could raise cloud storage costs in The European Union and Brazil by 10.5 and 54 percent, respectively.
Barriers to cross-border data flows can affect the cost, ease, and accessibility of many digital services.
Third, some countries force companies to store data locally to guarantee government access. Some countries do so for political reasons (such as China and Russia), while others do so to ensure law enforcement and national security agencies have access to data as they fear that other countries will withhold data that they may want in the future. Governments obviously need a legal process to facilitate the latter; however, the focus should be on ways to manage this access, rather than geography, such as through upgrading existing legal agreements managing these requests.
Outdated Trade Rules
The impact of data localism may be hard for businesses and consumers to see, but it’s nonetheless widespread, as it affects the lifeblood of the modern global economy. Firms will be less competitive if they are forced to spend more for potentially more-expensive (and duplicative) local data storage and other data-related services. These higher costs will be passed onto consumers, while governments will see a ripple throughout the economy in the form of lower economic productivity as these barriers affect all data-related services.
Harder to see is the impact on innovation as these barriers undermine research and development. Businesses use data to create value in the form of new insights, goods, and services, and many can only maximize that value when data flows freely across borders.
Data localism has grown in part from the set of rules that comprise the international trading system (under the World Trade Organization), which were negotiated in the 1990s, when the Internet as we know it barely existed. The uncertainty about whether these outdated rules apply to digital services creates a vacuum, allowing countries to enact (and get away with) barriers to digital trade.
The United States and other countries that recognize the value of an open, rules-based digital economy need to update the rules to protect the free flow of data and other issues that support digital free trade. The Trans-Pacific Partnership trade agreement in the Asia-Pacific does this. However, much more needs to be done, otherwise more countries and data types will be added to the list of restricted digital activity.